//package com.oa.core.oauth;
//
//import com.oa.core.config.AuthExceptionEntryPoint;
//import org.springframework.beans.factory.annotation.Autowired;
//import org.springframework.context.annotation.Configuration;
//import org.springframework.data.redis.connection.RedisConnectionFactory;
//import org.springframework.http.HttpMethod;
//import org.springframework.security.authentication.AuthenticationManager;
//import org.springframework.security.config.annotation.web.builders.HttpSecurity;
//import org.springframework.security.core.userdetails.UserDetailsService;
//import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
//import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
//import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
//import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
//import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
//import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
//import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
//import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
//import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
//import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator;
//import org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStore;
//import org.springframework.security.web.context.SecurityContextPersistenceFilter;
//
///**
// * OAuth2配置
// * Created by wangfan on 2018-02-22 上午 11:29.
// */
//@Configuration
//public class OAuth2ServerConfig {
//    private static final String RESOURCE_ID = "api";  //资源ID
//
//    /**
//     * 资源服务器
//     */
//    @Configuration
//    @EnableResourceServer
//    protected static class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
//
//        @Override
//        public void configure(ResourceServerSecurityConfigurer resources) {
//            resources.resourceId(RESOURCE_ID).stateless(true);
//            resources.authenticationEntryPoint(new AuthExceptionEntryPoint());
//        }
//
//        @Override
//        public void configure(HttpSecurity http) throws Exception {
//            http.headers ().frameOptions ().disable ();
//            //配置跨越需要
//            http.addFilterBefore(new CorsControllerFilter(), SecurityContextPersistenceFilter.class);
//            // 配置必须认证过后才可以访问的接口
////            http.authorizeRequests()
////                    .antMatchers("/user/**").authenticated()
////                    .antMatchers("/role/**").authenticated()
////                    .antMatchers("/authorities/**").authenticated()
////                    .antMatchers("/loginRecord/**").authenticated()
////                    .antMatchers("/userInfo").authenticated()
////                    .antMatchers("/userMenu").authenticated();
////                    .antMatchers("/**").authenticated();
//
//            //对oauth开头的请求不拦截
//            http.authorizeRequests()
//                    .antMatchers("/oauth/**").permitAll()
//                    .antMatchers ("/swagger-ui.html").permitAll ()
//                    .and().logout().logoutUrl("/logout").permitAll().invalidateHttpSession(true)
//                    .and ().headers ().frameOptions ().disable ();
//        }
//
//
//    }
//
//    /**
//     * 授权服务器
//     */
//    @Configuration
//    @EnableAuthorizationServer
//    protected static class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {
//        @Autowired
//        private AuthenticationManager authenticationManager;
//        @Autowired
//        private RedisConnectionFactory redisConnectionFactory;
//        @Autowired
//        private UserDetailsService userDetailsService;
//        @Autowired
//        private WebResponseExceptionTranslator customWebResponseExceptionTranslator;
//
//        @Override
//        public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
//            String finalSecret = "{bcrypt}" + new BCryptPasswordEncoder().encode("123456");
//            //配置两个客户端,一个用于password认证一个用于client认证
//            clients.inMemory()
//                    .withClient("client_1")
//                    .resourceIds(RESOURCE_ID)
//                    .authorizedGrantTypes("client_credentials", "refresh_token")
//                    .scopes("select")
//                    .authorities("client")
//                    .secret(finalSecret)
//                    .and()
//                    .withClient("client_2")
//                    .resourceIds(RESOURCE_ID)
//                    .authorizedGrantTypes("password", "refresh_token")
//                    .scopes("select")
//                    .authorities("oauth2")
//                    .secret(finalSecret);
//        }
//
//
//        @Override
//        public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
//            endpoints.tokenStore(new RedisTokenStore(redisConnectionFactory))
//                    .authenticationManager(authenticationManager)
//                    .userDetailsService(userDetailsService)
//                    .allowedTokenEndpointRequestMethods(HttpMethod.GET, HttpMethod.POST);
//            endpoints.reuseRefreshTokens(true);
//            endpoints.exceptionTranslator(customWebResponseExceptionTranslator);
//
//        }
//
//        @Override
//        public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
//            //允许表单认证
//            oauthServer.allowFormAuthenticationForClients();
//            oauthServer.authenticationEntryPoint(new AuthExceptionEntryPoint());
//        }
//
//    }
//
//}